(a)The Chief Information Officer of the Department shall be consulted on all decisions to approve or disapprove, significant new unclassified information technology expenditures, including software, of the Department, including expenditures related to information technology acquired, managed, and maintained by other bureaus and offices within the Department, in order to—
(1)encourage the use of enterprise software and information technology solutions where such solutions exist or can be developed in a timeframe and manner consistent with maintaining and enhancing the continuity and improvement of Department operations;
(2)increase the bargaining power of the Department in acquiring information technology solutions across the Department;
(3)reduce the number of redundant Authorities to Operate (ATO), which, instead of using one ATO-approved platform across bureaus, requires multiple ATOs for software use cases across different bureaus;
(4)enhance the efficiency, reduce redundancy, and increase interoperability of the use of information technology across the enterprise of the Department;
(5)enhance training and alignment of information technology personnel with the skills required to maintain systems across the Department;
(6)reduce costs related to the maintenance of, or effectuate the retirement of, legacy systems;
(7)ensure the development and maintenance of security protocols regarding the use of information technology solutions and software across the Department; and
(8)improve end-user training on the operation of information technology solutions and to enhance end-user cybersecurity practices.
(b)(1)Not later than 180 days after December 22, 2023, the Chief Information Officer of the Department shall develop, in consultation with relevant bureaus and offices as appropriate, a strategy and a 5-year implementation plan to advance the objectives described in subsection (a).
(2)No later than one year after December 22, 2023, the Chief Information Officer shall submit the strategy required by this subsection to the appropriate congressional committees and shall consult with the appropriate congressional committees, not less than on an annual basis for 5 years, regarding the progress related to the implementation plan required by this subsection.
(c)(1)Not later than 180 days after December 22, 2023, the Chief Information Officer shall develop policies and protocols to improve the customer service orientation, quality and timely delivery of information technology solutions, and training and support for bureau and office-level information technology officers.
(2)Not later than one year after December 22, 2023, and annually thereafter for five years, the Chief Information Officer shall undertake a client satisfaction survey of bureau information technology officers to obtain feedback on metrics related to—
(A)customer service orientation of the Bureau of Information Resources Management; 1
(B)quality and timelines of capabilities delivered;
(C)maintenance and upkeep of information technology solutions;
(D)training and support for senior bureau and office-level information technology officers; and
(E)other matters which the Chief Information Officer, in consultation with client bureaus and offices, determines appropriate.
(3)Not later than 60 days after completing each survey required under paragraph (2), the Chief Information Officer shall submit a summary of the findings to the appropriate congressional committees, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Oversight and Accountability of the House of Representatives.
(d)For purposes of this section, the term “significant expenditure” means any cumulative expenditure in excess of $250,000 total in a single fiscal year for a new unclassified software or information technology capability.
(e)Nothing in this section may be construed—
(1)to alter the authorities of the United States Office of Management and Budget, Office of the National Cyber Director, the Department of Homeland Security, or the Cybersecurity and Infrastructure Security Agency with respect to Federal information systems; or
(2)to alter the responsibilities and authorities of the Chief Information Officer of the Department as described in titles 40 or 44 or any other law defining or assigning responsibilities or authorities to Federal Chief Information Officers.
